soc/amd/*/Kconfig: rework SPL options
Move all security patch level (SPL) related Kconfig options to the
common AMD PSP Kconfig file. Commit 4ab1db82bb ("soc/amd: rework SPL
file override and SPL fusing handling") already reworked the SPL
handling, but missed that another Kconfig option
SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL controlled if the PSP mailbox command
to update the SPL fuses was sent by the code that got added to the build
when PERFORM_SPL_FUSING was selected.
To make things less unexpected, rename PERFORM_SPL_FUSING to
SOC_AMD_COMMON_BLOCK_PSP_SPL since it actually controls if the SPL
support code is added to the build and also rename
SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL to PERFORM_SPL_FUSING. This changes
what PERFORM_SPL_FUSING will do from including the code that could do
the fusing if another option is set to being the option that controls if
the fusing mailbox command will be set. All SoCs that support SPL now
select SOC_AMD_COMMON_BLOCK_PSP_SPL in their Kconfig, which won't burn
any SPL fuses.
The logic in the Skyrim mainboard Kconfig file is reworked to select
PERFORM_SPL_FUSING for all boards on which the SPL fuses should be
updated; on Guybrush PERFORM_SPL_FUSING default is changed to y for all
variants. The option to include the code that checks the SPL fusing
conditions and allows sending the command to update the SPL fuses if the
corresponding Kconfig is set doesn't need to be added on the mainboard
level, since it's already selected at the SoC level.
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I12fd8775db66f16fe632674cd67c6af483e8d4e2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78309
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
This commit is contained in:
Felix Held
parent
2aa30051be
commit
51d1f30d0e
|
|
@ -41,7 +41,6 @@ config BOARD_GOOGLE_BASEBOARD_GUYBRUSH
|
|||
select SOC_AMD_COMMON_BLOCK_GRAPHICS_ATIF
|
||||
select SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP
|
||||
select SOC_AMD_COMMON_BLOCK_USE_ESPI
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL
|
||||
select SYSTEM_TYPE_LAPTOP
|
||||
select TPM_GOOGLE_CR50
|
||||
select AMD_FWM_POSITION_C20000_DEFAULT
|
||||
|
|
|
|||
|
|
@ -96,10 +96,6 @@ config PSP_LOAD_MP2_FW
|
|||
depends on CHROMEOS
|
||||
default y
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool
|
||||
default y
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string
|
||||
default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME_RO.sbin"
|
||||
|
|
@ -112,7 +108,7 @@ config SPL_RW_AB_TABLE_FILE
|
|||
string
|
||||
default "3rdparty/blobs/mainboard/google/skyrim/TypeId0x55_SplTableBl_MDN_CHROME.sbin"
|
||||
|
||||
config SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL
|
||||
config PERFORM_SPL_FUSING
|
||||
default y if BOARD_GOOGLE_WINTERHOLD
|
||||
default y if BOARD_GOOGLE_FROSTFLOW
|
||||
default y if BOARD_GOOGLE_MARKARTH
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ config SOC_AMD_CEZANNE
|
|||
select SOC_AMD_COMMON_BLOCK_PM
|
||||
select SOC_AMD_COMMON_BLOCK_PM_CHIPSET_STATE_SAVE
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_GEN2
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
select SOC_AMD_COMMON_BLOCK_RESET
|
||||
select SOC_AMD_COMMON_BLOCK_SMBUS
|
||||
select SOC_AMD_COMMON_BLOCK_SMI
|
||||
|
|
@ -376,28 +377,6 @@ config PSP_WHITELIST_FILE
|
|||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
default "3rdparty/amd_blobs/cezanne/PSP/wtl-czn.sbin"
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fuse command to PSP"
|
||||
default n
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config PSP_SOFTFUSE_BITS
|
||||
string "PSP Soft Fuse bits to enable"
|
||||
default "28 6"
|
||||
|
|
|
|||
|
|
@ -29,13 +29,50 @@ config SOC_AMD_PSP_SELECTABLE_SMU_FW
|
|||
fanned set of blobs. Ask your AMD representative whether your APU
|
||||
is considered fanless.
|
||||
|
||||
config SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL
|
||||
config SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
bool
|
||||
default n
|
||||
depends on SOC_AMD_COMMON_BLOCK_PSP_GEN2
|
||||
help
|
||||
Enable sending of set SPL message to PSP. Enable this option if the platform
|
||||
will require SPL fusing to be performed by PSP.
|
||||
Select this option in the SoC's Kconfig to include the Security Patch
|
||||
Level (SPL) support code. This code will only send the actual SPL
|
||||
fuse update command to the PSP if the PERFORM_SPL_FUSING option is
|
||||
also selected.
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fusing command to PSP"
|
||||
default n
|
||||
depends on SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
depends on SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config HAVE_SPL_RW_AB_FILE
|
||||
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
|
||||
default n
|
||||
depends on SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
depends on VBOOT_SLOTS_RW_AB
|
||||
help
|
||||
Have separate mainboard-specific Security Patch Level (SPL) table
|
||||
file for the RW A/B FMAP partitions.
|
||||
|
||||
config SPL_RW_AB_TABLE_FILE
|
||||
string "Separate SPL table file override for RW A/B partitions"
|
||||
depends on HAVE_SPL_RW_AB_FILE
|
||||
|
||||
config PSP_PLATFORM_SECURE_BOOT
|
||||
bool "Platform secure boot enable"
|
||||
|
|
|
|||
|
|
@ -29,6 +29,6 @@ ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_I2C3_TPM_SHARED_WITH_PSP) += tpm.c
|
|||
smm-y += psp_gen2.c
|
||||
smm-y += psp_smm_gen2.c
|
||||
|
||||
ramstage-$(CONFIG_PERFORM_SPL_FUSING) += spl_fuse.c
|
||||
ramstage-$(CONFIG_SOC_AMD_COMMON_BLOCK_PSP_SPL) += spl_fuse.c
|
||||
|
||||
endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN2
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ static void psp_set_spl_fuse(void *unused)
|
|||
return;
|
||||
}
|
||||
|
||||
if (!CONFIG(SOC_AMD_COMMON_BLOCK_PSP_FUSE_SPL))
|
||||
if (!CONFIG(PERFORM_SPL_FUSING))
|
||||
return;
|
||||
|
||||
printk(BIOS_DEBUG, "PSP: SPL Fusing Update Requested.\n");
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ config SOC_SPECIFIC_OPTIONS
|
|||
select SOC_AMD_COMMON_BLOCK_LPC
|
||||
select SOC_AMD_COMMON_BLOCK_NONCAR
|
||||
select SOC_AMD_COMMON_BLOCK_PCI_MMCONF
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
select SOC_AMD_COMMON_BLOCK_SMI
|
||||
select SOC_AMD_COMMON_BLOCK_SMU
|
||||
select SOC_AMD_COMMON_BLOCK_SMU_SX_ENTRY
|
||||
|
|
@ -131,28 +132,6 @@ config PSP_WHITELIST_FILE
|
|||
string "Debug whitelist file path"
|
||||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fuse command to PSP"
|
||||
default n
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config PSP_SOFTFUSE_BITS
|
||||
string "PSP Soft Fuse bits to enable"
|
||||
default ""
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ config SOC_AMD_GLINDA
|
|||
select SOC_AMD_COMMON_BLOCK_PM # TODO: Check if this is still correct
|
||||
select SOC_AMD_COMMON_BLOCK_PM_CHIPSET_STATE_SAVE # TODO: Check if this is still correct
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_GEN2 # TODO: Check if this is still correct
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
select SOC_AMD_COMMON_BLOCK_RESET
|
||||
select SOC_AMD_COMMON_BLOCK_SMBUS # TODO: Check if this is still correct
|
||||
select SOC_AMD_COMMON_BLOCK_SMI # TODO: Check if this is still correct
|
||||
|
|
@ -349,39 +350,6 @@ config PSP_WHITELIST_FILE
|
|||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
default "site-local/3rdparty/amd_blobs/glinda/PSP/wtl-mrg.sbin"
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fuse command to PSP"
|
||||
default n
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config HAVE_SPL_RW_AB_FILE
|
||||
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
|
||||
default n
|
||||
depends on VBOOT_SLOTS_RW_AB
|
||||
help
|
||||
Have separate mainboard-specific Security Patch Level (SPL) table
|
||||
file for the RW A/B FMAP partitions.
|
||||
|
||||
config SPL_RW_AB_TABLE_FILE
|
||||
string "Separate SPL table file override for RW A/B partitions"
|
||||
|
||||
config PSP_SOFTFUSE_BITS
|
||||
string "PSP Soft Fuse bits to enable"
|
||||
default "34 28 6"
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ config SOC_AMD_REMBRANDT_BASE
|
|||
select SOC_AMD_COMMON_BLOCK_PM
|
||||
select SOC_AMD_COMMON_BLOCK_PM_CHIPSET_STATE_SAVE
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_GEN2
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
select SOC_AMD_COMMON_BLOCK_RESET
|
||||
select SOC_AMD_COMMON_BLOCK_SMBUS
|
||||
select SOC_AMD_COMMON_BLOCK_SMI
|
||||
|
|
@ -406,39 +407,6 @@ config PSP_WHITELIST_FILE
|
|||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
default "site-local/3rdparty/amd_blobs/mendocino/PSP/wtl-mdn.sbin"
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fuse command to PSP"
|
||||
default n
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config HAVE_SPL_RW_AB_FILE
|
||||
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
|
||||
default n
|
||||
depends on VBOOT_SLOTS_RW_AB
|
||||
help
|
||||
Have separate mainboard-specific Security Patch Level (SPL) table
|
||||
file for the RW A/B FMAP partitions.
|
||||
|
||||
config SPL_RW_AB_TABLE_FILE
|
||||
string "Separate SPL table file override for RW A/B partitions"
|
||||
|
||||
config PSP_SOFTFUSE_BITS
|
||||
string "PSP Soft Fuse bits to enable"
|
||||
default "34 28 6"
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ config SOC_AMD_PHOENIX
|
|||
select SOC_AMD_COMMON_BLOCK_PM
|
||||
select SOC_AMD_COMMON_BLOCK_PM_CHIPSET_STATE_SAVE
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_GEN2 # TODO: Check if this is still correct
|
||||
select SOC_AMD_COMMON_BLOCK_PSP_SPL
|
||||
select SOC_AMD_COMMON_BLOCK_RESET
|
||||
select SOC_AMD_COMMON_BLOCK_SMBUS
|
||||
select SOC_AMD_COMMON_BLOCK_SMI
|
||||
|
|
@ -362,39 +363,6 @@ config PSP_WHITELIST_FILE
|
|||
depends on HAVE_PSP_WHITELIST_FILE
|
||||
default "site-local/3rdparty/amd_blobs/phoenix/PSP/wtl-phx.sbin"
|
||||
|
||||
config PERFORM_SPL_FUSING
|
||||
bool "Send SPL fuse command to PSP"
|
||||
default n
|
||||
help
|
||||
Send the Security Patch Level (SPL) fusing command to the PSP in
|
||||
order to update the minimum SPL version to be written to the SoC's
|
||||
fuse bits. This will prevent using any embedded firmware components
|
||||
with lower SPL version.
|
||||
|
||||
If unsure, answer 'n'
|
||||
|
||||
config SPL_TABLE_FILE
|
||||
string "SPL table file override"
|
||||
help
|
||||
Provide a mainboard-specific Security Patch Level (SPL) table file
|
||||
override. The SPL file is required to support PSP FW anti-rollback
|
||||
and needs to be created by AMD. The default SPL file specified in the
|
||||
SoC's fw.cfg is in the corresponding folder of the amd_blobs submodule
|
||||
and applies to all boards that use the SoC without verstage on PSP.
|
||||
In the verstage on PSP case, a different SPL file is specific as an
|
||||
override via this Kconfig option.
|
||||
|
||||
config HAVE_SPL_RW_AB_FILE
|
||||
bool "Have a separate mainboard-specific SPL file in RW A/B partitions"
|
||||
default n
|
||||
depends on VBOOT_SLOTS_RW_AB
|
||||
help
|
||||
Have separate mainboard-specific Security Patch Level (SPL) table
|
||||
file for the RW A/B FMAP partitions.
|
||||
|
||||
config SPL_RW_AB_TABLE_FILE
|
||||
string "Separate SPL table file override for RW A/B partitions"
|
||||
|
||||
config PSP_SOFTFUSE_BITS
|
||||
string "PSP Soft Fuse bits to enable"
|
||||
default "36 28 6"
|
||||
|
|
|
|||
Loading…
Reference in New Issue